Beefy Boxes and Bandwidth Generously Provided by pair Networks
Welcome to the Monastery
 
PerlMonks  

Re^2: Find and replace MD5 hash from file

by ikegami (Pope)
on Jun 29, 2011 at 19:32 UTC ( #912019=note: print w/ replies, xml ) Need Help??


in reply to Re: Find and replace MD5 hash from file
in thread Find and replace MD5 hash from file

If you then single quote your s/// expression to protect from shell interpolation

Adding single quotes does not protect from shell interpolation.

That will fail if $hash1 or $hash2 can contain «'», I don't think that's possible, but I don't know for sure.

That's why I use

$s =~ s/'/'\\''/g; return "'$s'";

instead of

return "'$s'";

Update: philipbailey has since pointed out that the hash cannot contains quotes. While you can't context text to a shell literal using the second snippet in general, it appears to be safe in this particular circumstance.


Comment on Re^2: Find and replace MD5 hash from file
Select or Download Code
Re^3: Find and replace MD5 hash from file
by philipbailey (Chaplain) on Jun 29, 2011 at 19:45 UTC

    We've had this conversation before, ikegami. In this case the OP's base64-encoded strings never contain single quotes.

    Update: this is clarified in later nodes in this thread. The OP's output largely consists of base-64 strings together with 4 other (non-quote) characters, explained below.

      The OP doesn't have base64-encoded strings. He's got hashes which include base64 strings. They are not base64 strings, and I don't know if they can contain quotes or not.

      As for your comment about having this discussion before, it makes no sense. I'm telling the OP that just adding single quotes is not always acceptable, and I'm sure I've never told this to him before since he's never posted here before.

      You are probably referring to the thread where you recommended a buggy version of

      my $passwd_lit = $passwd; my $path_lit = $path; s#'#'\\''#g for $passwd_lit, $path_lit; system("mysqldump --add-drop-table -uroot -p'$passwd_lit' mydatabase | + gzip -9c > '$path_lit'");

      over

      my ($passwd_lit, $path_lit) = map text_to_shell_lit, $passwd, $path; system("mysqldump --add-drop-table -uroot -p$passwd_lit mydatabase | g +zip -9c > $path_lit");

      But that makes no sense either since you didn't use that code.

        This is the format of adroc's output from "makepasswd": "$1$" + base64-encoded string (a salt) + "$" + another base64-encoded string (the hashed password). No quotes there.

        The source for makepasswd on my system is available here: http://packages.debian.org/lenny/makepasswd. After examining that code, I can't see anything that disagrees with what I said. And this is a standard format, so some other "makepasswd" should produce the same output.

        (Updates made to the text of this node for clarity.)

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://912019]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others rifling through the Monastery: (4)
As of 2014-12-28 12:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    Is guessing a good strategy for surviving in the IT business?





    Results (181 votes), past polls